Fix size_t and longlong specifiers for MinGW

MinGW and older windows compilers cannot cope with %zu or %lld (there is a workaround for MinGW, but it involves linking more code, there is no workaround for Windows compilers prior to 2013). Attempt to work around this by defining printf specifiers for size_t per platform for the compilers that cannot use the C99 specifiers. Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2025-11-03 20:22:59 -05:00 · 2021-01-07 14:47:05 +00:00 · 2021-01-07 14:47:05 +00:00 · d48d5c6615
commit d48d5c6615
parent 3949065aef
5 changed files with 120 additions and 57 deletions
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@ -99,6 +99,34 @@
 #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
 #endif

+/**
+ * \def MBEDTLS_PRINTF_SIZET
+ *
+ * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers
+ * and MinGW we need to define the printf specifier for size_t
+ * and long long per platform.
+ *
+ * Module:  library/debug.c
+ * Caller:
+ *
+ * This module provides debugging functions.
+ */
+#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800)
+   #ifdef _WIN32
+      #include <inttypes.h>
+      #ifdef _WIN64
+         #define MBEDTLS_PRINTF_SIZET     PRIuPTR
+         #define MBEDTLS_PRINTF_LONGLONG  "I128d"
+      #else
+         #define MBEDTLS_PRINTF_SIZET     PRIuPTR
+         #define MBEDTLS_PRINTF_LONGLONG  "I64d"
+      #endif
+   #endif
+#else
+   #define MBEDTLS_PRINTF_SIZET     "zu"
+   #define MBEDTLS_PRINTF_LONGLONG  "lld"
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -685,7 +685,7 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
        return( 0 );

    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "sending session ticket of length %zu", tlen ) );
+        ( "sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen ) );

    memcpy( p, ssl->session_negotiate->ticket, tlen );

@ -905,7 +905,8 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
    *p++ = (unsigned char)( t >>  8 );
    *p++ = (unsigned char)( t       );

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lld", (long long) t ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
+                                (long long) t ) );
 #else
    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
        return( ret );
@ -1114,7 +1115,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
    for( i = 0; i < n; i++ )
        *p++ = ssl->session_negotiate->id[i];

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %zu", n ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
    MBEDTLS_SSL_DEBUG_BUF( 3,   "client hello, session id", buf + 39, n );

    /*
@ -1197,7 +1198,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
    }

    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, got %zu ciphersuites (excluding SCSVs)", n ) );
+        ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n ) );

    /*
     * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@ -1420,7 +1421,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
    /* olen unused if all extensions are disabled */
    ((void) olen);

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %zu",
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
                                ext_len ) );

    if( ext_len > 0 )
@ -2261,7 +2262,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )

    mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %zu", n ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, session id", buf + 35, n );

    /*
@ -2373,7 +2374,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
    ext = buf + 40 + n;

    MBEDTLS_SSL_DEBUG_MSG( 2,
-        ( "server hello, total extension length: %zu", ext_len ) );
+        ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) );

    while( ext_len )
    {
@ -2628,7 +2629,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,

    if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %zu < %u",
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
                                    ssl->handshake->dhm_ctx.len * 8,
                                    ssl->conf->dhm_min_bitlen ) );
        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
@ -4347,7 +4348,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
        return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
    }

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %zu", ticket_len ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) );

    /* We're not waiting for a NewSessionTicket message any more */
    ssl->handshake->new_session_ticket = 0;
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -623,7 +623,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,

    if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %zu too large, maximum %zu",
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET
+                                    " too large, maximum %" MBEDTLS_PRINTF_SIZET,
                                    rec->data_len,
                                    (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -764,7 +765,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
    {
        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
        size_t olen;
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, "
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
                                    "including %d bytes of padding",
                                    rec->data_len, 0 ) );

@ -842,7 +843,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
                               dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
        MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
                               add_data, add_data_len );
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, "
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
                                    "including 0 bytes of padding",
                                    rec->data_len ) );

@ -945,8 +946,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
        }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */

-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %zu, "
-                            "including %zu bytes of IV and %zu bytes of padding",
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
+                            "including %" MBEDTLS_PRINTF_SIZET
+                            " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding",
                            rec->data_len, transform->ivlen,
                            padlen + 1 ) );

@ -1366,7 +1368,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
        {
            if( rec->data_len < dynamic_iv_len )
            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < explicit_iv_len (%zu) ",
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
+                                            " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ",
                                            rec->data_len,
                                            dynamic_iv_len ) );
                return( MBEDTLS_ERR_SSL_INVALID_MAC );
@ -1385,7 +1388,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
        /* Check that there's space for the authentication tag. */
        if( rec->data_len < transform->taglen )
        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < taglen (%zu) ",
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
+                                        ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ",
                                        rec->data_len,
                                        transform->taglen ) );
            return( MBEDTLS_ERR_SSL_INVALID_MAC );
@ -1488,7 +1492,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
        if( rec->data_len < minlen + transform->ivlen ||
            rec->data_len < minlen + transform->maclen + 1 )
        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < max( ivlen(%zu), maclen (%zu) "
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
+                                        ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET
+                                        "), maclen (%" MBEDTLS_PRINTF_SIZET ") "
                                "+ 1 ) ( + expl IV )", rec->data_len,
                                transform->ivlen,
                                transform->maclen ) );
@ -1554,7 +1560,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
         * data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
        if( rec->data_len % transform->ivlen != 0 )
        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) %% ivlen (%zu) != 0",
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
+                                        ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0",
                                        rec->data_len, transform->ivlen ) );
            return( MBEDTLS_ERR_SSL_INVALID_MAC );
        }
@ -1624,7 +1631,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
            if( rec->data_len < transform->maclen + padlen + 1 )
            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%zu) < maclen (%zu) + padlen (%zu)",
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
+                                            ") < maclen (%" MBEDTLS_PRINTF_SIZET
+                                            ") + padlen (%" MBEDTLS_PRINTF_SIZET ")",
                                            rec->data_len,
                                            transform->maclen,
                                            padlen + 1 ) );
@ -1653,8 +1662,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
            if( padlen > transform->ivlen )
            {
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %zu, "
-                                            "should be no more than %zu",
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %" MBEDTLS_PRINTF_SIZET ", "
+                                            "should be no more than %" MBEDTLS_PRINTF_SIZET,
                                            padlen, transform->ivlen ) );
 #endif
                correct = 0;
@ -1890,7 +1899,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )

    memcpy( msg_pre, ssl->out_msg, len_pre );

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %zu, ",
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
                   ssl->out_msglen ) );

    MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
@ -1911,7 +1920,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
    ssl->out_msglen = out_buf_len -
                      ssl->transform_out->ctx_deflate.avail_out - bytes_written;

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %zu, ",
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
                   ssl->out_msglen ) );

    MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
@ -1942,7 +1951,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )

    memcpy( msg_pre, ssl->in_msg, len_pre );

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %zu, ",
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
                   ssl->in_msglen ) );

    MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
@ -1963,7 +1972,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
    ssl->in_msglen = in_buf_len -
                     ssl->transform_in->ctx_inflate.avail_out - header_bytes;

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %zu, ",
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
                   ssl->in_msglen ) );

    MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
@ -2042,7 +2051,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )

            if( ssl->in_left != 0 )
            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %zu",
+                MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %"
+                                            MBEDTLS_PRINTF_SIZET,
                                    ssl->next_record_offset ) );
                memmove( ssl->in_hdr,
                         ssl->in_hdr + ssl->next_record_offset,
@ -2052,7 +2062,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
            ssl->next_record_offset = 0;
        }

-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu",
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
+                                    ", nb_want: %" MBEDTLS_PRINTF_SIZET,
                       ssl->in_left, nb_want ) );

        /*
@ -2153,7 +2164,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
    else
 #endif
    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu",
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
+                                    ", nb_want: %" MBEDTLS_PRINTF_SIZET,
                       ssl->in_left, nb_want ) );

        while( ssl->in_left < nb_want )
@ -2177,7 +2189,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
                }
            }

-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %zu, nb_want: %zu",
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
+                                        ", nb_want: %" MBEDTLS_PRINTF_SIZET,
                                        ssl->in_left, nb_want ) );
            MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );

@ -2190,7 +2203,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
            if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
            {
                MBEDTLS_SSL_DEBUG_MSG( 1,
-                    ( "f_recv returned %d bytes but only %zu were requested",
+                    ( "f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested",
                    ret, len ) );
                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
            }
@ -2230,7 +2243,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )

    while( ssl->out_left > 0 )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %zu, out_left: %zu",
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %" MBEDTLS_PRINTF_SIZET
+                                    ", out_left: %" MBEDTLS_PRINTF_SIZET,
                       mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );

        buf = ssl->out_hdr - ssl->out_left;
@ -2244,7 +2258,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
        if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
        {
            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "f_send returned %d bytes but only %zu bytes were sent",
+                ( "f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent",
                ret, ssl->out_left ) );
            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
        }
@ -2286,14 +2300,15 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl )
    /* Allocate space for current message */
    if( ( msg = mbedtls_calloc( 1, sizeof(  mbedtls_ssl_flight_item ) ) ) == NULL )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %zu bytes failed",
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
                            sizeof( mbedtls_ssl_flight_item ) ) );
        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
    }

    if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %zu bytes failed", ssl->out_msglen ) );
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
+                                    ssl->out_msglen ) );
        mbedtls_free( msg );
        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
    }
@ -2699,7 +2714,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
    if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: "
-                                    "size %zu, maximum %zu",
+                                    "size %" MBEDTLS_PRINTF_SIZET
+                                    ", maximum %" MBEDTLS_PRINTF_SIZET,
                                    ssl->out_msglen,
                                    (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -2728,7 +2744,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
            if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
            {
                MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
-                              "size %zu, maximum %zu",
+                              "size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET,
                               hs_len,
                               (size_t) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
                return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -2923,7 +2939,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
        ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;

        MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, "
-                                    "version = [%u:%u], msglen = %zu",
+                                    "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET,
                                    ssl->out_hdr[0], ssl->out_hdr[1],
                                    ssl->out_hdr[2], len ) );

@ -3119,7 +3135,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
 {
    if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %zu",
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %" MBEDTLS_PRINTF_SIZET,
                            ssl->in_msglen ) );
        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
    }
@ -3127,7 +3143,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
    ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );

    MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
-                        " %zu, type = %u, hslen = %zu",
+                        " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" MBEDTLS_PRINTF_SIZET,
                        ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );

 #if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -3747,7 +3763,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
    MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );

    MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, "
-                                "version = [%d:%d], msglen = %zu",
+                                "version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET,
                                rec->type,
                                major_ver, minor_ver, rec->data_len ) );

@ -4325,21 +4341,31 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
                    {
                        /* If we can't buffer a future message because
                         * of space limitations -- ignore. */
-                        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %zu (already %zu bytes buffered) -- ignore\n",
+                        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
+                                                    " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
+                                                    " (already %" MBEDTLS_PRINTF_SIZET
+                                                    " bytes buffered) -- ignore\n",
                             msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
                             hs->buffering.total_bytes_buffered ) );
                        goto exit;
                    }
                    else
                    {
-                        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %zu would exceed the compile-time limit %zu (already %zu bytes buffered) -- attempt to make space by freeing buffered future messages\n",
+                        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
+                                                    " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
+                                                    " (already %" MBEDTLS_PRINTF_SIZET
+                                                    " bytes buffered) -- attempt to make space by freeing buffered future messages\n",
                             msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
                             hs->buffering.total_bytes_buffered ) );
                    }

                    if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
                    {
-                        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %zu (%zu with bitmap) would exceed the compile-time limit %zu (already %zu bytes buffered) -- fail\n",
+                        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %" MBEDTLS_PRINTF_SIZET
+                                                    " (%" MBEDTLS_PRINTF_SIZET " with bitmap) would exceed"
+                                                    " the compile-time limit %" MBEDTLS_PRINTF_SIZET
+                                                    " (already %" MBEDTLS_PRINTF_SIZET
+                                                    " bytes buffered) -- fail\n",
                             msg_len,
                             reassembly_buf_sz,
                             (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
@ -4349,7 +4375,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
                    }
                }

-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %zu",
+                MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %" MBEDTLS_PRINTF_SIZET,
                                            msg_len ) );

                hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
@ -4395,7 +4421,8 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
                frag_off = ssl_get_hs_frag_off( ssl );
                frag_len = ssl_get_hs_frag_len( ssl );

-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %zu, length = %zu",
+                MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %" MBEDTLS_PRINTF_SIZET
+                                            ", length = %" MBEDTLS_PRINTF_SIZET,
                                            frag_off, frag_len ) );
                memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );

@ -4622,7 +4649,10 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
    if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
                         hs->buffering.total_bytes_buffered ) )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %zu would exceed the compile-time limit %zu (already %zu bytes buffered) -- ignore\n",
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET
+                                    " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
+                                    " (already %" MBEDTLS_PRINTF_SIZET
+                                    " bytes buffered) -- ignore\n",
                        rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
                        hs->buffering.total_bytes_buffered ) );
        return( 0 );
@ -4903,7 +4933,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
    {
        if( ssl->in_msglen != 1 )
        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %zu",
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET,
                           ssl->in_msglen ) );
            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
        }
@ -4939,7 +4969,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
            /* Note: Standard allows for more than one 2 byte alert
               to be packed in a single message, but Mbed TLS doesn't
               currently support this. */
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %zu",
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %" MBEDTLS_PRINTF_SIZET,
                           ssl->in_msglen ) );
            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
        }
@ -5771,7 +5801,8 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
        {
            MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
-                                "maximum fragment length: %zu > %zu",
+                                "maximum fragment length: %" MBEDTLS_PRINTF_SIZET
+                                " > %" MBEDTLS_PRINTF_SIZET,
                                len, max_len ) );
            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
        }
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -633,7 +633,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
    /* Remember the client asked us to send a new ticket */
    ssl->handshake->new_session_ticket = 1;

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %zu", len ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, len ) );

    if( len == 0 )
        return( 0 );
@ -2826,7 +2826,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
    *p++ = (unsigned char)( t >>  8 );
    *p++ = (unsigned char)( t       );

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lld", (long long) t ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
+                                (long long) t ) );
 #else
    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
        return( ret );
@ -2914,7 +2915,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
    memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
    p += ssl->session_negotiate->id_len;

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %zu", n ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, session id", buf + 39, n );
    MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
                   ssl->handshake->resume ? "a" : "no" ) );
@ -2995,7 +2996,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
    ext_len += olen;
 #endif

-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %zu", ext_len ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
+                                ext_len ) );

    if( ext_len > 0 )
    {
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2215,7 +2215,8 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
        n = crt->raw.len;
        if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %zu > %zu",
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET
+                                        " > %" MBEDTLS_PRINTF_SIZET,
                           i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
            return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
        }
@ -2831,7 +2832,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
    chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
    if( chain == NULL )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed",
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed",
                                    sizeof( mbedtls_x509_crt ) ) );
        mbedtls_ssl_send_alert_message( ssl,
                                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
@ -3858,7 +3859,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
    ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
    if( ssl->in_buf == NULL )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", in_buf_len ) );
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) );
        ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
        goto error;
    }
@ -3869,7 +3870,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
    ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
    if( ssl->out_buf == NULL )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%zu bytes) failed", out_buf_len ) );
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) );
        ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
        goto error;
    }